Quantstamp Community Update June 2019

New Hire

We are happy to welcome Chang Yu as a Smart Contract Security Engineer Intern out of our Tokyo office this summer. Chang is studying for his Bachelors in Statistics and Computer Science at Harvard, where he is Director of Outreach and Sponsorships of Harvard Ventures, a student-run VC fund.

Previously, he worked as a research assistant at the University of Memphis, where he authored a paper. He also worked as an investment intern at the ESO Fund as well as marketing strategy and investor relations at Tunelark.

Quantstamp Security Network V2 is now easier to use than ever, allowing developers to easily integrate smart contract security scans into their development workflow. For users who want to participate in the network and earn QSP through scanning smart contracts, we’ve also removed the prior version’s whitelisting of nodes. Now, anyone who stakes 50,000 QSP and follows our node operator instructions on Github can run a node and help contribute to the reliability and decentralization of the network while earning QSP tokens.

With Quantstamp Security Network V2 we’ve also removed the AWS dependencies of the previous version. Nodes on the network can now interact with the Ethereum blockchain directly either using Infura or through their own Ethereum nodes.

Security analysis is improved. Nodes on the network are enabled to run Mythril and Securify analyzers, covering a large range of smart contract vulnerabilities.

The code for both the protocol and the nodes are now open-sourced and available on Github. Anyone can go in to check that the code is correct.

Finally, audit reports are now stored on the blockchain itself. This provides a public record of security for any smart contract scanned on Quantstamp Security Network V2.

If you have any questions while using the protocol, be sure to use the “Help” button. We are constantly monitoring our network and improving it based on user activity and feedback.

Fundamentals of Smart Contract Security Released

Fundamentals of Smart Contract Security is released and on the market! Written by the security experts at Quantstamp, it’s the first book dedicated to the topic of blockchain security. It covers security at both the blockchain and smart contract levels, with specific code examples of prominent smart contract vulnerabilities.

Best practices for smart contract development are also provided, giving readers a comprehensive toolkit to assess and address smart contract security. See a preview of the book here or order the book on Amazon.

‍

Thank You Steven

Our co-founder, Steven Stewart, is transitioning to a Technical Fellow role. As a Technical Fellow, Steven will continue to work with Quantstamp on research-related tasks while having time for other goals as well. Steven transitions from his roles as CTO and Board Director to Technical Fellow as of May 31, 2019, as Quantstamp completed the launch of the Quantstamp Distributed Security Network V2. More details can be found in the May Community Update.

Steven’s first project as Technical Fellow will be to create a draft of the new Yellowpaper and work closer with our university partners at Waterloo. Thank you Steven. We look forward to your next chapter in this company.

Decrypt Tokyo

From June 8-9th, we co-hosted and participated in Decrypt Tokyo, a two-day hackathon with over a hundred participants. Sponsors including Microsoft, Curvegrid, Metaps, and more helped to make this event a huge success. Participants included students from Japan’s top universities such as Tokyo U as well as mentors from top crypto projects such as Kyber Network.

Quantstamp Team members at Decrypt Tokyo‍

We were honored to help organize such a great event for the Japanese blockchain community. Our intern Chang Yu and Security Auditor Poming Lee also participated in the hackathon directly, creating a trust-less password manager. Check out “Encrypt my Data”

Note: This update includes information and forward-looking statements about upcoming events and concepts under continuing development. Schedules, features, and functionality are subject to change or cancellation at any time and you are not to place undue reliance on this information or any forward-looking statements.

Quantstamp and MythX are very excited to support EthBerlin this year. If you're participating, come find us at the HelpDesk, your one-stop resource for any security-related inquiries. Need suggestions on more secure code implementations or advice on mitigating certain vulnerabilities? The HelpDesk is available round the clock to offer guidance and assistance throughout the hackathon.

Computer scientists say that a procedure is re-entrant if its execution can be interrupted in the middle, initiated over (re-entered), and both runs can complete without any errors in execution. In the context of Ethereum smart contracts, re-entrancy can lead to serious vulnerabilities.